Hi There!
I’m entirely new to Auth0 so just starting to learn.
One of my primary use cases is to only allow users to sign up if they have a pre-authorized code (like a coupon code).
Use case:
We sell our services to company X for use as an HR benefit.
We provide company X with a code of some kind that their employees would use to sign up for our service.
An employee of company X decides to use our service, comes to sign up but must provide that code for signup to succeed.
I don’t want to have to integrate with company X and add all their users (so it seems like Invite Only is not a good fit).
Options:
- User could enter the code first into our service, we validate, then allow them to pass on to Auth0 to sign up (not sure how to protect sign up so only those who have validated their code could progress).
- Add a custom field to the sign up form for the code. We somehow validate that code via a callback to a service we provide to validate the code. If not valid, sign up fails.
What are my best options here?
Thanks
-John
Hi @john.noble. Welcome!
There’s one main setting that governs public signup, and it’s per-database connection:
What this does is prevent usage of the (public) /dbconnections/signup endpoint, meaning that no unauthorized party will be able to create a user. Lock (the widget login UI) and other parts of Auth0 will pick that up, and stop offering a “Signup” alternative to users.
If there are no public signups, it’s applications that are supposed to handle the flow, via the Management API v2’s Create User endpoint.
So going back to your questions:
Options:
User could enter the code first into our service, we validate, then allow them to pass on to Auth0 to sign up (not sure how to protect sign up so only those who have validated their code could progress).
Once you validate the code in your app, the app itself should own the rest of it: ask the user for the details (email, password and so on) and create the user using Management API v2.
Add a custom field to the sign up form for the code. We somehow validate that code via a callback to a service we provide to validate the code. If not valid, sign up fails.
I guess you could make it work using custom signup fields and pre-registration hooks, but it will be less than ideal. The built-in signup UIs in Auth0 (Lock and the new Universal Login) are not really designed for these kinds of validations, so doing your own signup UI (the other option) will be a wiser choice.
Hope that helps!
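The first option discussed in the answer above, sketched as an added example that is not part of the original thread and is not Auth0's own code: the backend checks the signup code and only then builds the Management API v2 Create User request. The tenant domain, connection name, code table and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import urllib.request

# Constructed sample data: SHA-256 digests of the codes issued to customers,
# so plaintext codes are not stored. All names here are hypothetical.
INVITE_CODES = {hashlib.sha256(b"ACME-2024-BENEFIT").hexdigest(): "company-x"}
TENANT = "example-tenant.auth0.com"  # placeholder tenant domain
CONNECTION = "Username-Password-Authentication"  # assumed connection name


def company_for_code(code):
    """Return the company a signup code belongs to, or None if invalid."""
    digest = hashlib.sha256(code.strip().encode()).hexdigest()
    match = None
    for stored, company in INVITE_CODES.items():
        # Constant-time comparison of the digests
        if hmac.compare_digest(stored, digest):
            match = company
    return match


def build_create_user_request(email, password, code, mgmt_token):
    """Validate the code first, then build the Create User call."""
    company = company_for_code(code)
    if company is None:
        raise PermissionError("invalid signup code")
    body = {
        "email": email,
        "password": password,
        "connection": CONNECTION,
        "app_metadata": {"company": company},
    }
    # The Management API token stays on the server, never in the browser.
    return urllib.request.Request(
        f"https://{TENANT}/api/v2/users",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {mgmt_token}",
            "Content-Type": "application/json",
        },
    )
```

The returned request can be sent with `urllib.request.urlopen`; with public signups disabled on the connection, this server-side path is the only way a user gets created.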